As required by the Government Auditing Standards, we tested FBI records pertaining to the administration of CODIS to obtain reasonable assurance about the FBI’s compliance with laws and regulations that, if not complied with, could have a material effect on the administration of CODIS. Compliance with laws and regulations applicable to CODIS records at the national index level is the responsibility of FBI management. An audit includes examining, on a test basis, evidence about compliance with laws and regulations. The pertinent legislation and the applicable regulations it contains are as follows:

The DNA Identification Act of 1994 authorized the establishment of a national index of: (1) DNA identification records of persons convicted of crimes, (2) analyses of DNA samples recovered from crime scenes, and (3) analyses of DNA samples recovered from unidentified human remains.

In addition, it specified several standards for those laboratories that contribute profiles to the national index system, including proficiency testing requirements for DNA analysts and privacy protection standards related to the information in the national index system.

Finally, it established criminal penalties for individuals who knowingly violate the privacy protection standards, and provided that access to the national index system was subject to cancellation if the quality control and privacy requirements were not met.